VPNs, the GFW, and me.

In all likelihood, I'm going to be spending a year in Beijing starting in September. It won't be my first trip out to BJ, but it will be the first one for any appreciable amount of time, and I'm looking at the best ways to access the free internet from around the GFW.

Paid proxies and VPNs are apparently the de facto "best" way to do it as far as the expat community seems to be concerned, but I've got an old Mac Mini and parents with an always-on US-based internet connection, so why not set up my own VPN?

Which is literally the question I'm posing here. Why not? Is there any reason setting up a VPN server on a low-power machine in a DMZ on my parents' network won't do what I want (specifically access YouTube, Facebook, Netflix, etc.)? I'll admit to not really knowing the theory behind China's GFW. Is there anything else I'll need to deal with?

It would probably work fine if the firewall allows it out and the ISP at the house allows it in. I think if you put the Mac server OS on there it has VPN built in. Otherwise you could put some Linux version on it or put some Mac-compatible proxy or VPN software on it.

From what I've read, the firewall will allow it out, and I know the ISP will allow it in. AFAIK, the way it works is because rather than seeing that I'm connecting to a blocked site, it just looks like I'm sending and receiving data from my parents' network? But is that how a VPN works, or would I effectively just be using the Mini as a proxy? I've heard VPNs are the faster route, but the only explanation I've heard of how it actually works WRT the GFW is that you end up with a US-based IP address somehow that "tricks" the GFW into thinking you're in the US. But how would that work, since you're still connecting to the internet /through/ the GFW, which is hosted at the ISP level?

Also, since my parents don't have a static IP, will I need to worry about some sort of DNS solution?

Most new routers have a dyndns client that can handle the dynamic IP issue.

What does the expat community say about the type of VPN to use? Because an SSL VPN is an application layer VPN, it is possible to leak DNS queries. That may be a means for the GFW to block you. An IPsec VPN is layer 3 and you can force all traffic through the tunnel, which prevents UDP leaks. Depending on what is allowed through the GFW, the choice may be made for you.

I have set up OpenVPN for myself, which is an SSL layer 7 VPN. It was involved but not overly difficult. I have not set up something like Openswan which is a layer 3 IPsec VPN. I think it's a more difficult setup.
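
The DNS-leak concern raised in the post above, as an added example that is not part of the thread: a small audit of an OpenVPN server config that reports whether it pushes a default route (`redirect-gateway`) and a resolver (`dhcp-option DNS`) to clients. The two sample configs, the 10.8.0.x addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample OpenVPN server configs (not taken from the thread).
SPLIT_TUNNEL = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
"""

FULL_TUNNEL = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"   # send the client's default route via the VPN
push "dhcp-option DNS 10.8.0.1"
"""

def pushed_options(config_text):
    """Return each option the server pushes to clients, split into words."""
    opts = []
    for line in config_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        m = re.match(r'push\s+"([^"]+)"$', line)
        if m:
            opts.append(m.group(1).split())
    return opts

def audit(config_text):
    """List the reasons client DNS queries could travel outside the tunnel."""
    opts = pushed_options(config_text)
    findings = []
    if not any(o[0] == "redirect-gateway" for o in opts):
        findings.append("no redirect-gateway: only pushed routes use the tunnel")
    if not any(len(o) == 3 and o[:2] == ["dhcp-option", "DNS"] for o in opts):
        findings.append("no DNS server pushed: client keeps its local resolver")
    return findings

if __name__ == "__main__":
    for name, cfg in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, audit(cfg) or "no findings")
```

Passing the audit covers the server side only; whether the client actually applies the pushed resolver depends on the client platform.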

Honestly, the expat community mostly talks about commercial VPN solutions, since most of them don't have friends or family willing to host small servers for them back home. The one thing I /have/ heard actually, is to avoid IPsec in favor of OpenVPN, but I think they were talking about pain-in-the-ass factor, there.

In order to use the dyndns feature on my router, I'd still need an account with a dyndns server, yes?